Privacy Policy

1. Introduction
This data protection policy informs you about the nature, scope and purpose of the processing of personal data within our online offer and the websites, functions and content associated with it, as well as external online presences. The collection and processing of your personal data is carried out in accordance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR).

1.1 Controller
The responsible controller within context of the GDPR is:

Human Solutions GmbH
Europaallee 10
67657 Kaiserslautern
Deutschland
Tel.: +49 631 343 593 00
E-Mail: contact@human-solutions.com
Impressum: https://www.human-solutions.com/de/footer/impressum.html
represented by the managing directors Anton Preiß, Michael Stöhr, Karsten Newbury, Christopher John O’Connor

1.2 Data protection officer
If you have any questions about the way we use your personal data, please contact us by e-mail.
You can also contact our data protection officer directly: Marco Peters, Nextwork GmbH, datenschutz@nextwork.de

1.3 Changes to our privacy policy
We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. This data protection policy is for your information only. You do not have to agree to this data protection policy at any point on our web pages.
Last Updated: 27. March 2023

1.4 Data subject rights      
you can exercise the following rights at any time using the contact details provided by our data protection officer:
Art. 15 GDPR, right of access: the right to be informed about the personal data we process about you and to request information about it.
Art. 16 GDPR, right of rectification: the right to request that we change or update your personal data if it is incorrect or incomplete
Art. 17 GDPR, right to erasure: the right to demand that we permanently delete your personal data, unless other legal regulations or an overriding interest on our side prevent this.
Art. 18 GDPR, right to restriction of processing: Right to restriction - the right to request that we temporarily or permanently stop processing your personal data.
Art. 20 GDPR, right to data portability: he right to request a copy of your personal data in electronic format and the right to transfer this personal data to a third party for use.
Art. 21 GDPR, right to object: the right to object to the processing of your personal data by us at any time for reasons arising from your particular situation. This right to object requires the existence of special circumstances of your personal situation, whereby our rights may conflict with your right to object in individual cases.
Art. 7 para. 3 GDPR, right to withdraw consent: you have the right to withdraw your consent at any time. The withdrawal of consent has no affect the lawfulness of processing based on consent before its withdrawal.
Art. 77 right to lodge a complaint with a supervisory authority - In addition, there is a right of appeal to a competent data protection supervisory authority. A list of the supervisory authorities (for the non-public sector) with address can be found at  https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

2. Encryption
To protect the security of your data during transmission, this website is encrypted and authenticated using TLS 1.3. We use HTTPS as default.

3. Server-Logfiles
When you access our website, information of a general nature is automatically collected - even if you do not register or otherwise submit information. It is processed for the following purposes:

  • Ensuring a smooth connection of the website.
  • to ensure smooth use of our website
  • to assess system security and stability
  • to optimize our website

The server log files include, for example, the IP address, the type of browser used, the sub-page visited, the date and time of access.
A transmission to a third country does not take place. We use service providers in compliance with Art. 28 GDPR for the provision of services, for the provision, maintenance and care of IT systems.
The data is deleted as soon as it is no longer required for the purpose of processing. This is usually the case for the data used to provide the website when the respective session has ended.
The provision of personal data is neither legally nor contractually required. However, without the IP address and the cookie identifier, the service and functionality of our website cannot be guaranteed. In addition, individual services and benefits may not be available or may only be available to a limited extent.
The processing is based on Art. 6 (1) f) GDPR based on our legitimate interest in improving the stability and functionality of our website.

4. Contact
4.1 E-Mail, telephone, post
Our website contains contact information that allows you to quickly communicate with us. We process your personal data for the purpose of handling your request. If you contact us by e-mail, telephone or mail, the personal data transmitted by the data subject will be automatically stored or, if necessary, manually transferred to our systems.
The legal basis for processing the data you provide us when sending an e-mail or calling us is Art. 6 (1) b) GDPR, provided that your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) f) GDPR) or on your consent (Art. 6 (1) a) GDPR) if this has been requested.
There is no transfer of this personal data to third parties and your data will be processed in this context only if necessary.
The provision of your personal data is voluntary. However, we cannot contact you without the provision of this data.

4.2 Contact form
On our website, we also provide you with a contact form that can be used for electronic communication. The personal data concerned will be automatically entered into HubSpot. The storage is solely for the purpose of processing or contacting the data subject.
Your personal data will be transmitted to us using an encrypted transport protocol. The legal basis for processing the data that you transmit to us when sending an email or making a call is Art. 6 para. 1 lit. b) GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing the inquiries directed to us (Art. 6 para. 1 lit. f) GDPR) or on your consent (Art. 6 para. 1 lit. a) GDPR) if it has been requested.
In addition to the companies in Europe, Humanetics Innovative Solutions, Inc. based in the USA also has access to your data within the corporate group. Suitable guarantees pursuant to Art. 46 ff. GDPR are in place. In addition, an agreement on joint responsibility within the corporate group has been reached. Humanetics Innovative Solutions, Inc. provides HubSpot for the management and processing of contact inquiries. HubSpot is a software company based in the USA with a branch office in Ireland. Contact: HubSpot, Inc. Address: 25 First Street, Cambridge, MA 02141 USA. https://legal.hubspot.com/privacy-policy
The personal data collected by us due to your contact request will be deleted as soon as the purpose of the processing is no longer applicable. Unless statutory retention obligations prevent this. The provision of your personal data is voluntary. However, without providing this data, we cannot contact you.
To be able to send the contact form, we use the double opt-in procedure with email verification for security. In addition, we use Google reCAPTCHA to optimize our own services and protect ourselves against cyber attacks (see 12. Google reCAPTCHA).

5. User Login (customer access only)
Our customer portal is used for the exchange of relevant information regarding our contractual relationship with customers.  Registration or login is required to use the customer portal. This is done for secure identification, so that data access by unauthorized persons is excluded, as well as to detect, track and eliminate cases of misuse. The following personal data is processed for the use of the customer portal: Salutation, first name, last name, company, e-mail. This personal data is not passed on to third parties. The storage period of the registration data is 3 years, the contents in the customer portal, which are provided in relation to the fulfillment of the contract, are stored in accordance with the legal retention periods.
The provision of your personal data is a mandatory part of the contractual relationship. Without the provision of this data, we cannot comply with the contractual agreements. The legal basis for the processing of the data, is Art. 6 (1) b) GDPR.

5.1 Support-Request
In our customer portal, we allow you to contact us via a support request. We use a contact form for this purpose. We process the e-mail address and the content of the message of our customers. The information is not passed on to third parties. We store your data until the purpose no longer applies and no legal retention period is applicable. The provision of their data is not contractually or legally required. However, we cannot provide support services without the provision. We process your personal data based on an existing contract in accordance with Art. 6 (1) b) GDPR.

6. Processing of customer/prospect and supplier data
We process your personal data insofar as this is necessary for the establishment, execution, and fulfillment of a contract as well as for the implementation of pre-contractual measures. Insofar as personal data is required for the initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 (1) b) GDPR.  If you give us your consent to process personal data for specific purposes (e.g., disclosure to third parties, evaluation for marketing purposes, customer satisfaction surveys or promotional approaches by e-mail), the lawfulness of this processing is based on your consent pursuant to Art. 6 (1) a) GDPR. Consent given can be revoked at any time with effect for the future (see paragraph "Data subject rights"). If necessary and legally permissible, we process your data beyond the actual contractual purposes for the fulfillment of legal obligations pursuant to Art. 6 (1) c) GDPR. In addition, processing may be carried out to protect our legitimate interests, as well as to defend and assert legal claims pursuant to Art. 6 (1) f) GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law. We process personal data that we receive from you while contacting you or establishing a contractual relationship or during pre-contractual measures.

7. Applicant management
We are pleased that you are interested in us and would like to apply for a position in our company. We would like to provide you below with information on the processing of your personal data in connection with the application.
We process the data you send us in connection with your application to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process.
The processing may also take place electronically. This is particularly the case if you send us relevant application documents, for example, by e-mail or via our contact form. In this context, we process the following categories of personal data from you: Curriculum vitae details, gender, title, first name, last name, address, telephone, e-mail and contents of a personal message written by you. Your personal data are secured by means of transport encryption TLS 1.3 when they are transmitted via the contact form.
The legal basis for the processing of your personal data in this application procedure is primarily Art. 6 (1) b) GDPR (fulfillment of our (pre)contractual measures). In Germany, § 26 BDSG (Bundesdatenschutzgesetz) also applies. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible. Should the data be required for legal prosecution after the conclusion of the application process, if applicable, data processing may be carried out based on the requirements of Art. 6 GDPR, to safeguard legitimate interests pursuant to Art. 6 (1) f) GDPR. Our interest then consists of asserting or defending claims under the General Equal Treatment Act (AGG).
Data of applicants will be deleted after 6 months in case of rejection. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after 12 months. If you have been accepted for a position as part of the application process, your data will be transferred from the applicant data system to our HR information system.
The data is processed in data centers in the European Union. Within the Humanetics Group, we use Humanetics Innovative Solutions Inc. based in the USA as a processor for the provision of services. For the provision, maintenance and servicing of IT systems. In this context, the requirements regarding appropriate guarantees pursuant to Art. 44 - 49 GDPR are considered.
Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications are then made available for inspection by the internal department heads for the respective open position. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application process.
No automated decision-making or profiling takes place as part of the application process.
The provision of personal data is not required by law or contract. However, without providing it, you will not be considered in the application process. A revocation has the consequence that we are no longer allowed to process your data from this point in time and that you will thereby drop out of the application process.

8. Social Media
The Human Solutions GmbH is represented in the social networks. We share content, offers and present our products via the social media channels. The respective operators of the social networks use cookies and similar technologies to record your usage behavior during any interaction. This also includes general statistics on interests and demographic characteristics (such as age, gender, region). However, the scope and purpose of the processing of your personal data is determined by the operator of the social network.  If you have given consent to the operators of the respective networks in the form of your own user account, the legal basis is Art. 6 (1) a) GDPR (consent). Otherwise, the legal basis is Art. 6 (1) f) GDPR, our legitimate interests lie in the mentioned purposes.

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; https://de.linkedin.com/legal/privacy-policy?
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php;
weitere Informationen zur Datenerhebung: http://www.facebook.com/help/186325668085084
http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo
Google/YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; https://policies.google.com/privacy

9. Newsletter
For the dispatch of our newsletter, we collect personal data that is transmitted to us via an input mask. For an effective registration we need a valid e-mail address. To verify that the registration is made by the owner of an e-mail address, we use the "double opt-in" procedure. For this purpose, we log the registration for the newsletter, the sending of a confirmation e-mail and the receipt of the response requested herewith. Based on your explicit consent (Art. 6 (1) a) GDPR), we will regularly send you our newsletter to the e-mail address you have provided.  You have the right to revoke your consent to the storage of your personal data and its use for sending the newsletter at any time with effect for the future (Art. 7 3) GDPR). Unsubscribing can be done via the link contained in each email, by contacting the data protection officer mentioned below or via our contact details. Within the Humanetics Group, Humanetics Innovative Solutions, Inc. based in the USA has access to your data. Appropriate guarantees pursuant to Art. 44 ff. are in place. Humanetics Innovative Solutions, Inc. provides the HubSpot service for sending the newsletter. HubSpot is a software company from the USA with a branch office in Ireland. Contact: HubSpot, Inc. Address: 25 First Street, Cambridge, MA 02141 USA. https://legal.hubspot.com/privacy-policy In this context, the data will only be processed if the corresponding consent is given. After that, they will be deleted. The provision of your personal data is voluntary and based solely on your consent. Without an existing consent, we can unfortunately not send our newsletter.

10. Cookies
Like many other websites, we also use so-called "cookies". Cookies are small text files that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our website. You can delete individual cookies or the entire cookie inventory, view cookies and renew or change your cookie consent.

10.1 Technical necessary cookies
Cookies do not contain any data about you. These cookies are also used when you surf the Internet completely anonymously. Nevertheless, you can specify in the settings of your browser whether and which cookies the browser should accept. However, the rejection of cookies has the disadvantage that a session is then realized via a technical way, which means more uncertainty for you.
The processing of data by means of technically necessary cookies is based on a legitimate interest, the provision of a functional website (Art. 6 (1) f) GDPR).  We do not use cookies from third parties.
The provision of the personal data is not required by law or contract. However, without this data, the service and functionality of our website is not guaranteed. In addition, individual services and services may not be available or may be limited.

10.2 Cookies: Analysis, Personalization, Others
For all other cookies, which are not technically necessary, we need your consent (Art. 6 (1) a) GDPR). You can configure this via our Link Cookie Settings (Footer). We do not use cookies from third parties. The provision of the aforementioned personal data is neither legally nor contractually required.

10.3 Cookies Consent Tool
Our website uses the cookie consent technology provided by CCM19 Cookie to obtain your consent for storing certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Papoo Software & Media GmbH - Dr. Carsten Euwens. Bornschein, Auguststr. 4, 53229 Bonn (hereinafter referred to as "CCM19"). When you enter our website, a CCM19 cookie is stored in your browser, which stores the consents or revocations of consents you have given. This data is not passed on to CCM19. The data collected is stored until you request deletion from us, delete the CCM19 cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. The use of the CCM19 cookie consent technology is carried out to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c) GDPR.

11. Google Analytics (anonymization)
If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
We use the function 'anonymizeIP' (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

During your website visit, the following data is collected:

  • The pages you visit, your "click path".
  • achievement of "website goals" (conversions, e.g. newsletter sign-ups, downloads, purchases)
  • Your user behavior (for example, clicks, dwell time, bounce rates)
  • Your approximate location (region)
  • Your IP address (in shortened form)
  • Technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/advertising medium you came to this website)

Purposes of processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Recipient
The recipient of the data is

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

as a processor. We have concluded a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and, if applicable, US authorities may access the data stored by Google.

Transmission to third countries
A transfer of data to the USA cannot be excluded

Storage period
The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.
In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by
a. Not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics here: https://tools.google.com/dlpage/gaoptout?hl=de
You can also prevent cookies from being stored by configuring your browser software accordingly. However, if you configure your browser to refuse all cookies, you may experience limitations in functionality on this and other websites

Legal basis and revocation option
for this data processing is your consent, Art.6 (1) a) GDPR. You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there.
For more information on the terms of use of Google Analytics and data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de

12. Google reCAPTCHA
Google reCAPTCHA is used on this website to verify whether data entry, such as in a contact form, is being done by a human or an automated program. To do so, reCAPTCHA analyzes the website visitor's behavior based on various characteristics. This is done for security reasons on the website.
The following personal data is processed: referrer URL, IP address, cookies, mouse and keyboard behavior, date and language settings, all JavaScript objects, and screen resolution.
The provider of reCAPTCHA is Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland.
As a basis for data processing with recipients located in third countries or data transfers to such countries, Google uses standard contractual clauses according to Art. 46 para. 12 and 3 GDPR. Google thus commits to complying with the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/. Further information about reCAPTCHA can be found at https://developers.google.com/recaptcha/. An overview of the general use of data at Google can be found in the privacy policy at https://www.google.com/intl/de/policies/privacy/.
The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. Furthermore, there is a legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR to optimize the online service and ensure security. However, Google reCAPTCHA is only used if you have given your consent. You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection. The provision of your personal data is voluntary and is based solely on your consent.

13. Ongoing deletion and blocking of personal data
The Human Solutions GmbH processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or insofar as this has been provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject. If the purpose of storage no longer applies or if a legally prescribed retention period expires, the personal data will be blocked or deleted on an ongoing basis and in accordance with the statutory provisions.

14. automated decision making / profiling
The Human Solutions GmbH does not use automated decision-making or profiling.